bisecting cause commit starting from e6e0f093d97872353bda8922456064dbcf5d82a2
building syzkaller on d850e9d08467726cd94b6a9caaf8090c594721ba
testing commit e6e0f093d97872353bda8922456064dbcf5d82a2 with gcc (GCC) 8.1.0
kernel signature: 58c2118a0e1dd7259913ffb515e51b4cb49aac620fc448294c6244744c70fb96
all runs: crashed: general protection fault in qdisc_hash_add
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: e032e7ec5e90a89dfbe0b36fec3d0ee2fc83f3225e66db4be3f20017a8d458a4
all runs: OK
# git bisect start e6e0f093d97872353bda8922456064dbcf5d82a2 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6023 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: 7a8f091c98a1b71873ce057daae85478fbd613c204394b8ce2bc20f462082fc9
all runs: OK
# git bisect good 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 3269 revisions left to test after this (roughly 12 steps)
[469030d454bd1620c7b2651d9ec8cdcbaa74deb9] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 469030d454bd1620c7b2651d9ec8cdcbaa74deb9 with gcc (GCC) 8.1.0
kernel signature: ee249a8d628749c5927f2cddeb64b12d7d33adec2039bb50beb7fb5c392673b7
all runs: OK
# git bisect good 469030d454bd1620c7b2651d9ec8cdcbaa74deb9
Bisecting: 1663 revisions left to test after this (roughly 11 steps)
[b0dd1eb220c06892e0a4098378c4296650f3f8db] Merge branch 'akpm' (patches from Andrew)
testing commit b0dd1eb220c06892e0a4098378c4296650f3f8db with gcc (GCC) 8.1.0
kernel signature: 9e8964c39e66081bb48ef2bb3219abf5b9f10567449f98d6bf5844268f5fcbe1
all runs: OK
# git bisect good b0dd1eb220c06892e0a4098378c4296650f3f8db
Bisecting: 880 revisions left to test after this (roughly 10 steps)
[bc1d75fa79860ec9d065cd3de041f86811d48563] net/mlx5e: Remove redundant comment about goto slow path
testing commit bc1d75fa79860ec9d065cd3de041f86811d48563 with gcc (GCC) 8.1.0
kernel signature: 82da18201c3b54b68df4decc823bd5a7779848dc62425e6e3c79a2a21d2a75ee
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good bc1d75fa79860ec9d065cd3de041f86811d48563
Bisecting: 440 revisions left to test after this (roughly 9 steps)
[a56d7a345dd67995ba415a26a0164a72780f2d02] net: mscc: ocelot: simplify tc-flower offload structures
testing commit a56d7a345dd67995ba415a26a0164a72780f2d02 with gcc (GCC) 8.1.0
kernel signature: dc752e83f2c161dda3537c6e16e0aebc42b89c9624bc4babbc06d4782f8e91ec
all runs: OK
# git bisect good a56d7a345dd67995ba415a26a0164a72780f2d02
Bisecting: 208 revisions left to test after this (roughly 8 steps)
[a368e860adb14f7496033051c1712dfd214f6cb1] Merge tag 'wireless-drivers-next-2020-03-05' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit a368e860adb14f7496033051c1712dfd214f6cb1 with gcc (GCC) 8.1.0
kernel signature: 53052e8d633fd7f935f09fa90a7dd7d32e487b4954195dee798df3a0208ad85e
all runs: OK
# git bisect good a368e860adb14f7496033051c1712dfd214f6cb1
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[b7f55b81f2ac40e52c5a56e22c80488eac531c91] ionic: improve irq numa locality
testing commit b7f55b81f2ac40e52c5a56e22c80488eac531c91 with gcc (GCC) 8.1.0
kernel signature: 3ac804bceb933c69004d10e7da1cfe4af222801dfbbfd1d5211db86623ee89fa
all runs: OK
# git bisect good b7f55b81f2ac40e52c5a56e22c80488eac531c91
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[79c57bffebe83ad0a7395f62596dc2e8d29a9ede] Merge branch 'enetc-Support-extended-BD-rings-at-runtime'
testing commit 79c57bffebe83ad0a7395f62596dc2e8d29a9ede with gcc (GCC) 8.1.0
kernel signature: fcf35df3bfbb9ebdbb24cc08a4f93f073bde9c7ea7f8ac8cd9e4f12b0fa90601
all runs: OK
# git bisect good 79c57bffebe83ad0a7395f62596dc2e8d29a9ede
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[fcca747f1800931015d359be48065755ef5c3f25] net: aquantia: reject all unsupported coalescing params
testing commit fcca747f1800931015d359be48065755ef5c3f25 with gcc (GCC) 8.1.0
kernel signature: bf662c6faa97fedfc7a14905064eae80c8937b15b80642ea09ba5b0f3464e841
all runs: OK
# git bisect good fcca747f1800931015d359be48065755ef5c3f25
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[d13f1167ab1c762a84350af97e8948a928d56019] net: gemini: reject unsupported coalescing params
testing commit d13f1167ab1c762a84350af97e8948a928d56019 with gcc (GCC) 8.1.0
kernel signature: cd0c286636711e1bb8446625ff85a9bccb96d6435a7ff3b414872b167a7817e1
all runs: OK
# git bisect good d13f1167ab1c762a84350af97e8948a928d56019
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[4cda75275f9f89f9485b0ca4d6950c95258a9bce] net: sched: make newly activated qdiscs visible
testing commit 4cda75275f9f89f9485b0ca4d6950c95258a9bce with gcc (GCC) 8.1.0
kernel signature: 8fb62af63541a3202f0fef0b4849375f2e161a64d82cff354d2fb1c93469e23e
all runs: crashed: general protection fault in qdisc_hash_add
# git bisect bad 4cda75275f9f89f9485b0ca4d6950c95258a9bce
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[81f954a44567567c7d74a97b1db78fb43afc253d] bareudp: Fixed bareudp receive handling
testing commit 81f954a44567567c7d74a97b1db78fb43afc253d with gcc (GCC) 8.1.0
kernel signature: d053450a2694a44a88bc17852eea77708ab9b5695eeeea6b7a6e65dad99dbf39
all runs: OK
# git bisect good 81f954a44567567c7d74a97b1db78fb43afc253d
Bisecting: 1 revision left to test after this (roughly 1 step)
[c7211ff3be0fa98a55920f876608cc9e13c9eb5f] net: stmmac: selftests: Fix L3/L4 Filtering test
testing commit c7211ff3be0fa98a55920f876608cc9e13c9eb5f with gcc (GCC) 8.1.0
kernel signature: addb78f9f03c293c06620c249df44e8250f90d9bde4fb82081911c20377926e3
all runs: OK
# git bisect good c7211ff3be0fa98a55920f876608cc9e13c9eb5f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dacf470b26418e91bef195342b25a234c94052e3] net: slcan, slip -- no need for goto when if () will do
testing commit dacf470b26418e91bef195342b25a234c94052e3 with gcc (GCC) 8.1.0
kernel signature: 7cc29c47234d8c17525a5fb191771c19495efc78ae5962d52f790e3c36d12cc7
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good dacf470b26418e91bef195342b25a234c94052e3
4cda75275f9f89f9485b0ca4d6950c95258a9bce is the first bad commit
commit 4cda75275f9f89f9485b0ca4d6950c95258a9bce
Author: Julian Wiedmann <jwi@linux.ibm.com>
Date:   Tue Mar 10 17:53:35 2020 +0100

    net: sched: make newly activated qdiscs visible
    
    In their .attach callback, mq[prio] only add the qdiscs of the currently
    active TX queues to the device's qdisc hash list.
    If a user later increases the number of active TX queues, their qdiscs
    are not visible via eg. 'tc qdisc show'.
    
    Add a hook to netif_set_real_num_tx_queues() that walks all active
    TX queues and adds those which are missing to the hash list.
    
    CC: Eric Dumazet <edumazet@google.com>
    CC: Jamal Hadi Salim <jhs@mojatatu.com>
    CC: Cong Wang <xiyou.wangcong@gmail.com>
    CC: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/net/sch_generic.h |  6 ++++++
 net/core/dev.c            |  1 +
 net/sched/sch_generic.c   | 21 +++++++++++++++++++++
 3 files changed, 28 insertions(+)
culprit signature: 8fb62af63541a3202f0fef0b4849375f2e161a64d82cff354d2fb1c93469e23e
parent  signature: 7cc29c47234d8c17525a5fb191771c19495efc78ae5962d52f790e3c36d12cc7
revisions tested: 16, total time: 4h26m57.969433846s (build: 1h48m35.533645653s, test: 2h37m5.647597204s)
first bad commit: 4cda75275f9f89f9485b0ca4d6950c95258a9bce net: sched: make newly activated qdiscs visible
cc: ["ap420073@gmail.com" "davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "jwi@linux.ibm.com" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "xiyou.wangcong@gmail.com"]
crash: general protection fault in qdisc_hash_add
general protection fault, probably for non-canonical address 0xdffffc000000008f: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000478-0x000000000000047f]
CPU: 1 PID: 8582 Comm: syz-executor.5 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlist_add_head_rcu include/linux/rculist.h:538 [inline]
RIP: 0010:qdisc_hash_add.part.21+0xae/0x220 net/sched/sch_api.c:279
Code: 69 6b 38 47 86 c8 61 4c 8d 73 28 48 b8 00 00 00 00 00 fc ff df c1 ed 1c 4d 8d a4 ed 78 04 00 00 4c 89 e2 4c 89 e7 48 c1 ea 03 <80> 3c 02 00 0f 85 21 01 00 00 4c 89 f2 49 8b ac ed 78 04 00 00 48
RSP: 0018:ffffc90002d17ac0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffff897031c0 RCX: ffffffff814f119e
RDX: 000000000000008f RSI: 0000000000000008 RDI: 0000000000000478
RBP: 0000000000000000 R08: fffffbfff12d9969 R09: fffffbfff12d9969
R10: fffffbfff12d9968 R11: ffffffff896ccb47 R12: 0000000000000478
R13: 0000000000000000 R14: ffffffff897031e8 R15: 0000000000000000
FS:  00007fe7b4b01700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000076c000 CR3: 0000000097c5b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 dev_qdisc_set_real_num_tx_queues+0x14b/0x230 net/sched/sch_generic.c:1287
 netif_set_real_num_tx_queues+0x1e6/0x650 net/core/dev.c:2878
 tun_set_real_num_queues drivers/net/tun.c:598 [inline]
 tun_attach+0x483/0x11a0 drivers/net/tun.c:845
 tun_set_iff drivers/net/tun.c:2704 [inline]
 __tun_chr_ioctl+0x15e7/0x3db0 drivers/net/tun.c:3043
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0xb8/0x110 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6a/0xb0 fs/ioctl.c:770
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c679
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe7b4b00c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7b4b016d4 RCX: 000000000045c679
RDX: 00000000200000c0 RSI: 00000000400454ca RDI: 0000000000000004
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000005a2 R14: 00000000004c81e0 R15: 000000000076bfac
Modules linked in:
---[ end trace 2d4b46b33f42eb6a ]---
RIP: 0010:hlist_add_head_rcu include/linux/rculist.h:538 [inline]
RIP: 0010:qdisc_hash_add.part.21+0xae/0x220 net/sched/sch_api.c:279
Code: 69 6b 38 47 86 c8 61 4c 8d 73 28 48 b8 00 00 00 00 00 fc ff df c1 ed 1c 4d 8d a4 ed 78 04 00 00 4c 89 e2 4c 89 e7 48 c1 ea 03 <80> 3c 02 00 0f 85 21 01 00 00 4c 89 f2 49 8b ac ed 78 04 00 00 48
RSP: 0018:ffffc90002d17ac0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffff897031c0 RCX: ffffffff814f119e
RDX: 000000000000008f RSI: 0000000000000008 RDI: 0000000000000478
RBP: 0000000000000000 R08: fffffbfff12d9969 R09: fffffbfff12d9969
R10: fffffbfff12d9968 R11: ffffffff896ccb47 R12: 0000000000000478
R13: 0000000000000000 R14: ffffffff897031e8 R15: 0000000000000000
FS:  00007fe7b4b01700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000076c000 CR3: 0000000097c5b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400